X-Git-Url: https://git.saurik.com/apple/network_cmds.git/blobdiff_plain/7ba0088d6898d7fd2873f736f1f556673a8be855..3daef399aa12707bd9256a87337e559c62bd9759:/racoon.tproj/racoon.conf diff --git a/racoon.tproj/racoon.conf b/racoon.tproj/racoon.conf index 9487f2a..8eff697 100644 --- a/racoon.tproj/racoon.conf +++ b/racoon.tproj/racoon.conf @@ -3,7 +3,10 @@ # "path" must be placed before it should be used. # You can overwrite which you defined, but it should not use due to confusing. path include "/etc/racoon" ; -#include "remote.conf" ; + +# Allow third parties the ability to specify remote and sainfo entries +# by including all files matching /etc/racoon/remote/*.conf +include "/etc/racoon/remote/*.conf" ; # search this file for pre_shared_key with various ID key. path pre_shared_key "/etc/racoon/psk.txt" ; 
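Review bot: The wildcard `include "/etc/racoon/remote/*.conf" ;` makes every file dropped into that directory part of the IKE daemon's trusted configuration, and nothing in the hunk states who may write there. A third-party file can define `remote` and `sainfo` entries, including an `anonymous` one that applies to any peer, so the directory's ownership and mode are the trust boundary. I would add a comment above the include such as `# /etc/racoon/remote must be owned by root and not group- or world-writable; every *.conf in it is loaded as trusted configuration`, and have the installer create the directory with those permissions. It is also worth documenting what happens when two files define the same entry, since the result presumably depends on glob expansion order.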
@@ -39,40 +42,43 @@ listen timer { # These value can be changed per remote node. - counter 5; # maximum trying count to send. - interval 20 sec; # maximum interval to resend. + counter 10; # maximum trying count to send. + interval 3 sec; # interval to resend (retransmit) persend 1; # the number of packets per a send. # timer for waiting to complete each phase. phase1 30 sec; - phase2 15 sec; + phase2 30 sec; } -remote anonymous -{ - #exchange_mode main,aggressive; - exchange_mode aggressive,main; - doi ipsec_doi; - situation identity_only; - - #my_identifier address; - my_identifier user_fqdn "macuser@localhost"; - peers_identifier user_fqdn "macuser@localhost"; - #certificate_type x509 "mycert" "mypriv"; - - nonce_size 16; - lifetime time 1 min; # sec,min,hour - initial_contact on; - support_mip6 on; - proposal_check obey; # obey, strict or claim - - proposal { - encryption_algorithm 3des; - hash_algorithm sha1; - authentication_method pre_shared_key ; - dh_group 2 ; - } -} +# +# anonymous entry is defined in /etc/racoon/remote/anonymous.conf +# +#remote anonymous +#{ +# #exchange_mode main,aggressive; +# exchange_mode aggressive,main; +# doi ipsec_doi; +# situation identity_only; +# +# #my_identifier address; +# my_identifier user_fqdn "macuser@localhost"; +# peers_identifier user_fqdn "macuser@localhost"; +# #certificate_type x509 "mycert" "mypriv"; +# +# nonce_size 16; +# lifetime time 1 min; # sec,min,hour +# initial_contact on; +# support_mip6 on; +# proposal_check obey; # obey, strict or claim +# +# proposal { +# encryption_algorithm 3des; +# hash_algorithm sha1; +# authentication_method pre_shared_key ; +# dh_group 2 ; +# } +#} remote ::1 [8000] { 
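Review bot: The commented-out `remote anonymous` block keeps `exchange_mode aggressive,main` with `authentication_method pre_shared_key`, `proposal_check obey`, `3des` and `dh_group 2` in the shipped file as a template, and nothing ties it to the real entry it now points at. Aggressive mode with a pre-shared key exposes the PSK-derived hash to offline guessing, and `obey` accepts the initiator's lifetime and PFS values, so this is not a sample to leave around for copy-and-paste. I would delete the commented copy and keep only the pointer, e.g. `# remote anonymous is defined in /etc/racoon/remote/anonymous.conf`; the same applies to the commented `sainfo anonymous` block in the next hunk. `/etc/racoon/remote/anonymous.conf` is not part of this diff, so whether it carries these same settings cannot be checked here.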
@@ -96,14 +102,17 @@ remote ::1 [8000] } } -sainfo anonymous -{ - pfs_group 1; - lifetime time 30 sec; - encryption_algorithm 3des ; - authentication_algorithm hmac_sha1; - compression_algorithm deflate ; -} +# +# anonymous entry is defined in /etc/racoon/remote/anonymous.conf +# +#sainfo anonymous +#{ +# pfs_group 1; +# lifetime time 30 sec; +# encryption_algorithm aes, 3des ; +# authentication_algorithm hmac_sha1; +# compression_algorithm deflate ; +#} # sainfo address 203.178.141.209 any address 203.178.141.218 any # {
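Review bot: The commented copy of `sainfo anonymous` is not a faithful record of what was removed: the live line was `encryption_algorithm 3des ;` and the comment now reads `encryption_algorithm aes, 3des ;`, a change that has no effect inside a comment. If AES is meant to be offered in phase 2, that has to be verified in `/etc/racoon/remote/anonymous.conf`, which this diff does not show. While that entry is being touched, `pfs_group 1` (768-bit MODP) and `lifetime time 30 sec` deserve a second look; a larger group such as `pfs_group 2` or above, to the extent peers support it, would be the safer default.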